Versions Compared

Old Version 2

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: DOCUMENTATION-8525

log4j.appender.DAS_AGENT.userName=adminThis section covers the following topics: 

Table of Contents

...

  1. Change the user credentials in the following files.

    • The <UserName> and <Password> values in <APIM_HOME>/repository/conf/user-mgt.xml file

      Code Block
      languagexml
      <UserManager>
   <Realm>
      <Configuration>
          ...
          <AdminUser>
             <UserName>admin</UserName>                  
             <Password>admin</Password>
          </AdminUser>
      ...
   </Realm>
</UserManager>
      Note

      Note that the password in the  user-mgt.xml  file is written to the primary user store when the server starts for the first time. Thereafter, the password will be validated from the primary user store and not from the  user-mgt.xml  file. Therefore, if you need to change the admin password stored in the user store, you cannot simply change the value in the  user-mgt.xml  file. To change the super admin password, you must use the  Change Password option from the management console.

      To change the password from Management Console ( https://localhost:9443/carbon ), follow the steps in Changing a Password corresponding to API Manager.

    • The  <APIM_HOME>/repository/conf/jndi.properties file.

      Code Block
      connectionfactory.TopicConnectionFactory = amqp://admin:admin@clientid/carbon?brokerlist='tcp://localhost:5672'
connectionfactory.QueueConnectionFactory = amqp://admin:admin@clientID/test?brokerlist='tcp://localhost:5672'

    If you have Configured API Manager Analytics when changing the super admin credentials you have to change credentials in <APIM_HOME>/repository/conf/api-manager.xml and <APIM_HOME>/repository/conf/log4j.properties as well. 

    • The <APIM_HOME>/repository/conf/api-manager.xml file.

      Code Block
      <Analytics>
        <!-- Enable Analytics for API Manager -->
        <Enabled>true</Enabled>
        ....

        <DASServerURL>{tcp://localhost:7612}</DASServerURL>
        <!--DASAuthServerURL>{ssl://localhost:7712}</DASAuthServerURL-->
        <!-- Administrator username to login to the remote DAS server. -->
        <DASUsername>${admin.username}</DASUsername>
        <!-- Administrator password to login to the remote DAS server. -->
        <DASPassword>${admin.password}</DASPassword>

        ....

        <StatsProviderImpl>org.wso2.carbon.apimgt.usage.client.impl.APIUsageStatisticsRdbmsClientImpl</StatsProviderImpl>

        ...

        <DASRestApiURL>https://localhost:9444</DASRestApiURL>
        <DASRestApiUsername>${admin.username}</DASRestApiUsername>
        <DASRestApiPassword>${admin.password}</DASRestApiPassword>

        .....

    </Analytics>

    • The <APIM_HOME>/repository/conf/log4j.properties file.

      Note

      This is only applicable if you have enabled the Log Analyzer, which has been deprecated and disabled by default.

      Code Block
      log4j.appender.DAS_AGENT.userName=admin
log4j.appender.DAS_AGENT.password=admin


log4j.appender.LOGEVENT.userName=admin
log4j.appender.LOGEVENT.password=admin       

...

Login in via multiple user attributes in API Store

See Authentication using multiple Attributes in the WSO2 IS documentation.

Setting up an e-mail login 
Anchor
emaillogin
emaillogin

See Email Authentication in the WSO2 IS documentation.

Tip
  • When setting up email login, specify the complete username with tenant domain. If you are in the super tenant mode the username should be as follows. <username>@<email>@carbon.super
    Example: admin@wso2.com@carboncom@carbon.super.
  • When configuring the <DataPublisher> section under <ThrottlingConfiguration> in the <PRODUCT_HOME>/repository/conf/api-manager.xml file, specify the fully qualified username with tenant domain.
    Example : <Username>admin@wso2 <Username>admin@wso2.com@carboncom@carbon.super</Username>

  • The "@" character is a reserved character in the WSO2 messaging component. Therefore, when specifing username in JMS Connection URL, under <JMSConnectionParameters> section in the <PRODUCT_HOME>/repository/conf/api-manager.xml file, "@" characters should be replaced by "!" character. An example is shown below.

    Code Block
    <connectionfactory.TopicConnectionFactory><![CDATA[amqp://admin!wso2.com!carbon.super:admin@clientid/carbon?failover='roundrobin'&cyclecount='2'&brokerlist='tcp://10.100.0.3:5682?retries='5'&connectdelay='50';tcp://10.100.0.3:5692?retries='5'&connectdelay='50'']]></connectionfactory.TopicConnectionFactory>

...

Note

Note that auto-provision users based on a social network login is not supported in a multi-tenant environment

Info

In a multi-tenant environment, the system cannot identify the tenant domain in the login request that comes to the API Manager's Publisher/Store. Therefore, the service provider is registered as a SaaS application within the super tenant's space. Configuring user provisioning is part of creating the service provider. In order to authenticate the user through a third party identity provider such as a social network login, you must enable identity federation. As the service provider is created in the super tenant's space, the provisioned user is also created within the super tenant's space. As a result, it is not possible to provision the user in the tenant's space. 

To overcome this limitation, you can write a custom authenticator to retrieve the tenant domain of the user and write a custom login page where the user can enter the tenant domain, which is then added to the authenticator context. Then, write a custom provisioning handler to provision the user in the tenant domain that is maintained in the context.